Paper 2017/858

Differential Fault Analysis of SHA-3 under Relaxed Fault Models

Pei Luo, Yunsi Fei, Liwei Zhang, and A. Adam Ding


Keccak-based algorithms such as Secure Hash Algorithm-3 (SHA-3) will be widely used in crypto systems, and evaluating their security against different kinds of attacks is vitally important. This paper presents an efficient differential fault analysis (DFA) method on all four modes of SHA-3 to recover an entire internal state, which leads to message recovery in the regular hashing mode and key retrieval in the message authentication code (MAC) mode. We adopt relaxed fault models in this paper, assuming the attacker can inject random single-byte faults into the penultimate round input of SHA-3. We also propose algorithms to find the lower bound on the number of fault injections needed to recover an entire internal state for the proposed attacks. Results show that on average the attacker needs about 120 random faults to recover an internal state, while he needs 17 faults at best if he has control of the faults injected. The proposed attack method is further extended for systems with input messages longer than the bitrate.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Journal of Hardware and Systems Security
Contact author(s)
silenceluo @ gmail com
2017-09-09: received
Short URL
Creative Commons Attribution


      author = {Pei Luo and Yunsi Fei and Liwei Zhang and A.  Adam Ding},
      title = {Differential Fault Analysis of SHA-3 under Relaxed Fault Models},
      howpublished = {Cryptology ePrint Archive, Paper 2017/858},
      year = {2017},
      doi = {10.1007/s41635-017-0011-4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.